2 critical vulnerabilities affecting Splunk Enterprise and Splunk Universal Forwarder on Windows platforms were disclosed, both involving incorrect permission assignments during installation or upgrade. The vulnerabilities addressed may enable attackers to exploit issues such as privilege escalation, information disclosure, or remote code execution.
Continue Reading
September 2025 Patch Tuesday update, addressing 86 security issues in products like Microsoft Windows, Microsoft Office etc.
This includes two publicly known zero-day bugs in the Windows SMB Server and another in Newtonsoft.Json. Here are the CVE addressed for Microsoft & non-Microsoft.
Organizations are strongly encouraged to prioritize patching of systems tied to network services, virtualization and productivity tools to mitigate risks of exploitation.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-09-09 |
| No. of Patches | 86 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Here are the CVE addressed for Microsoft & non-Microsoft
Breakdown of September 2025 Vulnerabilities
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Windows SMB Elevation of Privilege Vulnerability | CVE-2025-55234 | Windows Server, Windows 10, 11 | High | 8.8 |
| Improper Handling of Exceptional Conditions in Newtonsoft.Json | CVE-2024-21907 | Microsoft SQL Server | High | 7.5 |
Technical Summary
September 2025 Patch Tuesday includes security updates addressing denial-of-service and privilege escalation vulnerabilities in commonly used libraries and services.
One of the publicly disclosed zero-day CVE-2024-21907 affects the popular .NET library Newtonsoft.Json, where deserialization of crafted JSON can lead to application crashes.
Additionally, CVE-2025-55234 highlights a potential for relay attacks in SMB Server configurations that lack hardening measures such as signing and Extended Protection for Authentication (EPA). Microsoft advises assessing current SMB deployments using new audit capabilities introduced in this month’s updates.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-55234 | Microsoft SMB Server | Lack of hardening (signing & EPA) in SMB Server can allow attackers to perform relay attacks, potentially resulting in elevation of privilege. | Privilege Escalation |
| CVE-2024-21907 | Newtonsoft.Json < 13.0.1 | Improper handling of crafted input to JsonConvert.DeserializeObject may trigger a StackOverflowException, leading to a denial-of-service condition. | Denial of Service |
Source: Microsoft and NVD
In addition to the publicly disclosed zero day vulnerability, several other Critical & High severity issues were addressed
Key Affected Products and Services
The September 2025 security updates address critical and important vulnerabilities across a broad range of Microsoft products and services:
Includes updates for Windows Kernel, NTFS, TCP/IP, Defender Firewall, LSASS, BitLocker, NTLM, Win32K, and RRAS (Routing and Remote Access Service), with several vulnerabilities rated CVSS 8.8 or higher.
Patches released for Excel, Word, PowerPoint, Visio, and SharePoint addressing RCE and information disclosure issues, especially through Preview Pane vectors.
Fixes affect Azure Virtual Machine Agent, Azure Arc, and High-Performance Compute Pack (HPC).
Multiple vulnerabilities in Hyper‑V and Virtual Hard Drive components, including privilege escalation and denial-of-service risks.
Patches applied to PowerShell, AutoZone, Windows Management Services and Capability Access Management, addressing local privilege escalation.
Updates cover SMB, SMBv3, MSMQ and Connected Devices Platform, with critical RCE and lateral movement vectors in enterprise environments.
Microsoft Edge (Chromium-based) updates, along with republished Chrome CVEs for continued coverage of known browser threats.
Remediation:
Apply Patches Promptly: Install the September 2025 security updates immediately to mitigate risks.
Conclusion:
Microsoft’s September 2025 Patch Tuesday addresses 86 vulnerabilities, including several critical and high rated issues across Windows, Office, Hyper-V and Azure components etc.
Notably, multiple flaws affect Windows Routing and Remote Access Service (RRAS), SQL Server, and Microsoft High Performance Compute Pack (HPC), with potential for remote code execution (RCE) and privilege escalation.
Microsoft fixed an elevation of privileges flaw in SMB Server that is exploited through relay attacks.
“SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks,” explains Microsoft.
References:
Summary
Anthropic’s Claude Code gained traction as a powerful AI coding assistant and promises developers a safe and streamlined way to build with Claude’s capabilities. But recently two high-severity vulnerabilities have been discovered in Claude Code, Anthropic’s AI-powered coding assistant. These flaws allow attackers to escape security restrictions and execute arbitrary system commands.
AI coding assistant was meant to enforce restrictions but unknowingly reveals how to bypass them. Threat researchers from Cymulate discovered two high-severity vulnerabilities in Claude Code, which were quickly addressed by the team.
These issues allowed me to escape its intended restrictions and execute unauthorized actions, all with Claude’s own help.
| Severity | High |
| CVSS Score | 8.7 |
| CVEs | CVE-2025-54794, CVE-2025-54795 |
| POC Available | Yes |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Notably, Claude’s own feedback mechanisms were leveraged by attackers to refine and optimize their payloads.
These CVEs highlight how generative AI tools can be manipulated into aiding exploitation attempts, demonstrating the risks of integrating AI into secure development workflows.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Path Restriction Bypass | CVE-2025-54794 | Claude Code < v0.2.111 | 7.7 | v0.2.111 |
| Command Injection | CVE-2025-54795 | Claude Code < v1.0.20 | 8.7 | v1.0.20 |
Technical Summary
CVE-2025-54794 – Directory Restriction Bypass
Claude Code tried to keep file access safe by only allowing work in certain folders. But it used a weak method to check file paths it just checked if the file name started with an allowed folder name. An attacker could create a folder with a similar name (like /tmp/allowed_dir_malicious) and trick Claude into thinking it was safe.
This could allow attackers to reach outside the safe folder, read secret files or even access system settings. Using symbolic links, attackers could also jump to important files that should never be touched.
CVE-2025-54795 – Command Injection
Claude only allows certain commands, like echo or ls, to run. But there was a mistake in how it cleaned user input. Attackers could hide harmful commands inside allowed ones. Example – echo “\”; <MALICIOUS_COMMAND>; echo \”” tricks Claude into running the attacker’s command between two harmless echo commands.
Even worse, Claude helped improve these attack attempts. When a try failed, the attacker asked Claude why it didn’t work. Claude explained the problem and suggested fixes leading to successful attacks.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-54794 | Claude Code versions below v0.2.111 | Claude used a weak prefix matching to check if files were inside a safe folder. Attackers could create folders with similar names to bypass these checks. | Attackers can escape the sandbox, access sensitive files, and potentially escalate system privileges. |
| CVE-2025-54795 | Claude Code versions below v1.0.20 | Claude allowed only safe commands, but input was not cleaned properly. Attackers could hide malicious commands inside allowed ones like echo. | Attackers can run harmful commands, open applications, and possibly install malware or backdoors. |
POC Available:
This vulnerability exploits a weakness in how Claude handles whitelisted command strings. Improper input sanitization allows attackers to inject arbitrary shell commands using echo, bypassing any user prompt or approval.
Step 1 – Try a basic payload
echo “test”; ls -la ../restricted (This gets flagged by Claude, and it asks for user confirmation)
Step 2 – Refined working payload:
echo “\”; ls -la ../restricted; echo \””
Claude executes this without a prompt.
Lists a directory (../restricted) outside the current working directory, which should not be accessible.
Step 3 – Execute arbitrary system command (e.g., launch Calculator)
echo “\”; open -a Calculator; echo \””
This launches the Calculator app without any user approval.
Remediation:
For CVE-2025-54794 → Update to v0.2.111 or later
For CVE-2025-54795 → Update to v1.0.20 or later
Conclusion:
These vulnerabilities highlight a growing concern in AI-assisted development, the AI’s ability to assist malicious users. Claude Code not only allowed abuse through technical flaws, but also helped attackers refine and improve their exploitation strategy.
Organizations leveraging AI in development pipelines must apply the same rigor used for traditional tools, enforce strict input validation, isolate environments and assume AI can be misled or exploited.
Anthropic’s security and engineering teams has been fast with their professional response and smooth coordination during disclosure.
References:
Summary
| OEM | Filigran |
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2025-24977 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
A critical vulnerability (CVE-2025-24977) in the OpenCTI Platform allows authenticated users with specific permissions to execute arbitrary commands on the host infrastructure, leading to potential full system compromise.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Webhook Remote Code Execution vulnerability | CVE-2025-24977 | OpenCTI | Critical | 6.4.11 |
Technical Summary
The vulnerability resides in OpenCTI’s webhook templating system, which is built on JavaScript. Users with elevated privileges can inject malicious JavaScript into web-hook templates.
Although the platform implements a basic sandbox to prevent the use of external modules, this protection can be bypassed, allowing attackers to gain command execution within the host container.
Due to common deployment practices using Docker or Kubernetes, where environment variables are used to pass sensitive data (eg: credentials, tokens), exploitation of this flaw may expose critical secrets and permit root-level access, leading to full infrastructure takeover.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24977 | OpenCTI (≤ v6.4.10) | The webhook feature allows JavaScript-based message customization. Users with manage customizations permission can craft malicious JavaScript in templates to bypass restrictions and execute OS-level commands. Since OpenCTI is often containerized, attackers can gain root access and extract sensitive environment variables passed to the container. | Root shell access in the container, exposure of sensitive secrets, full system compromise, lateral movement within infrastructure. |
Remediation:
The misuse can grant the attacker a root shell inside a container, exposing internal server-side secrets and potentially compromising the entire infrastructure.
Conclusion:
CVE-2025-24977 presents a highly exploitable attack vector within the OpenCTI platform and must be treated as an urgent priority for remediation.
The combination of remote code execution, privileged access and secret exposure in containerized environments makes it especially dangerous.
Organizations leveraging OpenCTI should upgrade to the latest version without delay, review their deployment security posture, and enforce strict access control around webhook customization capabilities.
References:
Summary Security Advisory:
A high-severity remote code execution (RCE) has been identified in Apache Parquet Java, specifically within the parquet-avro module. Discovered by Apache contributor Gang Wu, this vulnerability affects all versions up to and including 1.15.1 and can allow attackers to execute arbitrary code when a system processes a specially crafted Parquet file. The issue is fixed in version 1.15.2.
| OEM | Apache |
| Severity | High |
| CVSS Score | Not Available |
| CVEs | CVE-2025-46762 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Apache Parquet is an open-source, columnar storage format designed for efficient data processing, widely used by big data platforms and organizations engaged in data engineering and analytics.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Remote Code Execution vulnerability | CVE-2025-46762 | Apache Parquet Java | High | 1.15.2 |
Technical Summary
CVE-2025-46762 arises from insecure schema parsing logic in the parquet-avro module of Apache Parquet Java. When the application uses the “specific” or “reflect” Avro data models to read a Parquet file, malicious actors can inject specially crafted metadata into the Avro schema portion of the file.
Upon deserialization, the system may inadvertently execute code from Java classes listed in the default trusted packages (e.g., java.util), resulting in remote code execution. The vulnerability is not present when using the safer “generic” Avro model.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-46762 | Apache Parquet Java ≤1.15.1 | Insecure deserialization in the parquet-avro module allows execution of arbitrary Java classes when processing Parquet files with embedded malicious Avro schemas. The issue is exploitable only when using the “specific” or “reflect” data models, and relies on the presence of pre-approved trusted packages like java.util. | Remote Code Execution (RCE), potential supply chain compromise, unauthorized code execution. |
Conditions for Exploitation:
This creates significant risk in data processing environments such as Apache Spark, Flink, and Hadoop, where external Parquet files are commonly ingested.
Remediation:
-Dorg.apache.parquet.avro.SERIALIZABLE_PACKAGES=””
Conclusion:
CVE-2025-46762 presents a significant RCE threat within big data ecosystems that use Apache Parquet Java with the parquet-avro module. Systems relying on unsafe deserialization patterns are especially at risk. Prompt patching or configuration hardening is strongly recommended to safeguard against exploitation.
References:
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the ‘lang’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files.
| OEM | WordPress |
| Severity | Critical |
| CVSS score | 9.8 |
| CVEs | CVE-2025-2505 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
A critical vulnerability (CVE-2025-2505) in the Age Gate plugin for WordPress allows unauthenticated Local PHP File Inclusion (LFI), potentially enabling remote code execution. This flaw affects all versions up to 3.5.3 and has been patched in version 3.5.4. Over 40,000 websites are affected by this vulnerability.
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Improper Limitation of a Pathname to a Restricted Directory | CVE-2025-2505 | Age Gate WordPress Plugin | Critical | v3.5.4 |
Technical Summary
The vulnerability exists due to improper limitation of pathname input, leading to an unauthenticated Local PHP File Inclusion (LFI) attack through the lang parameter. This flaw can be exploited by attackers to execute arbitrary PHP files, bypass access controls, and compromise server security.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-2505 | WordPress websites using Age Gate Plugin (<=3.5.3) | Local PHP File Inclusion via ‘lang’ parameter allows execution of arbitrary PHP files. | Unauthorized code execution, data exfiltration, privilege escalation, potential full server compromise. |
Remediation:
Conclusion:
Attackers can potentially: – Include and execute arbitrary PHP files on the server – Bypass access controls – Obtain sensitive site data – Achieve remote code execution – Compromise the entire WordPress site’s integrity and availability
This vulnerability poses a severe risk to WordPress websites utilizing the Age Gate plugin. Prompt patching and proactive security measures are crucial to mitigating potential attacks.
Users are strongly advised to update to the latest version without delay to protect their websites from unauthorized code execution.
CVE-2025-2505 affects all versions of the Age Gate plugin for WordPress up to and including version 3.5.3.
References: